← API SecurityImperva API Security

StrongAdequateStrongStrong

4.5

Vendors › API Security › Imperva API Security

Imperva API Security

Name: Imperva API Security
Rating: 4.45 (140 reviews)
Author: Imperva (Thales)

Imperva (Thales)

Founded 2002·US·Private

4.5

Combined score

4.480

Gartner

4.560

⚠

Security incident on record — Imperva disclosed breach Sept 2023 — API keys, SSL certs, and customer data exposed after cloud provider misconfiguration

▪ Editorial verdict

Imperva API Security delivers the most seamless WAF and API security integration in the market. For organisations already running Imperva WAF, adding API security creates a unified application protection platform where web application and API threats are detected, correlated, and responded to from a single console without the integration overhead of connecting separate tools. The 4.5 out of 5 Gartner rating from 72 reviews with consistent praise for API traffic visibility and WAF integration reflects genuine customer satisfaction with this use case.

The AI-native detection sophistication for API-specific threats like BOLA, BFLA, and business logic abuse is less advanced than Salt Security or Traceable.

The verdict: Imperva API Security is right for existing Imperva WAF customers wanting integrated API security without deploying a separate vendor. Organisations wanting best-of-breed standalone API security should evaluate Salt Security or Akamai.

Last reviewed: May 2026

4.480 reviews

Gartner

4.560 reviews

Gartner MQ: Representative Vendor (Gartner API Protection 2024)

API Security assessment

PROTECTIONStrong

API discovery & inventory

4 / 5

Attack detection

4 / 5

OPERATIONSAdequate

DevOps integration

3 / 5

Remediation guidance

3 / 5

ANALYTICSStrong

Traffic analytics

4 / 5

TRUST & ECOSYSTEMStrong

Standards & spec coverage

4 / 5

Strongest: API discovery & inventory

Watch out for: Remediation guidance

Strengths & limitations

Strengths

●Native integration with Imperva WAF — unified web and API protection from one vendor

●Strong bot management layered on top of API security

●Mature platform with large enterprise customer base

Watch out for

●API security is secondary to WAF — less specialised than dedicated API security vendors

●Thales acquisition 2023 creates product integration uncertainty

●Higher complexity when not using Imperva WAF

Best for

Organisations already using Imperva WAF wanting integrated API security without adding a separate vendor.

Not suitable for: Organisations not using Imperva WAF — standalone API security specialists offer more depth.

Compliance coverage

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●CMMC

●GDPR

●NIS2

●ISO 27001

○Essential Eight

○AU Privacy Act

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

WAF-only API protection
Manual API inventory

Also considering

Vendors typically shortlisted alongside

Also in our database

Imperva (Thales) also appears in:

WAF / Web Application Firewall →

← Back to API Security Compare with other API Security vendors →

Quick facts

Pricing modelper API/month bundled with WAF

Pricing rangeEnterprise custom — contact for quote

Free trialNo

Min seatsNo minimum

Deployment time1-2 weeks

Complexity3 / 5

Pricing transparency2 / 5

AU presenceYes

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS, On-premises, Hybrid

OS supportCloud-native

CloudAWS, Azure, GCP

SupportPhone, Email, Dedicated CSM

Data residencyUS, EU

Company

Imperva (Thales)

Founded 2002 · 1,500-2,000 (Thales) employees · Private

HQ: US

Part of Thales $21B revenue

Certifications

SOC 2 Type II, ISO 27001, PCI-DSS

Integrations

Imperva WAFAWS API GatewayAzure APIMSplunkServiceNowPagerDuty